/*
 * Sonatype Nexus (TM) Open Source Version
 * Copyright (c) 2008-present Sonatype, Inc.
 * All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
 *
 * This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
 * which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
 *
 * Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
 * of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
 * Eclipse Foundation. All other trademarks are the property of their respective owners.
 */
package org.sonatype.nexus.security.secrets;

import org.sonatype.nexus.crypto.secrets.Secret;

/**
 * Provides logic to migrate secrets from legacy encryption to encryption backed by secrets table.
 * Implementors must know if a secret was already migrated to avoid re-encrypting it.
 */
public interface SecretsMigrator
{
  void migrate() throws SecretMigrationException;

  /**
   * @return {@code true} if the secret is a simple wrapper around an encrypted string
   */
  default boolean isLegacyEncryptedString(final Secret secret) {
    return !isPersistedSecret(secret);
  }

  /**
   * @return {@code true} if the provided secret is a persisted secret
   */
  default boolean isPersistedSecret(final Secret secret) {
    return secret.getId().startsWith("_");
  }
}
